Пример #1
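/**
 * Deletes a given comment
 *
 * The function expects the calling function to check to make sure the
 * requesting user has the correct permissions and that the comment exists
 * for the specified $type and $sid. The arguments are nevertheless escaped
 * here before they are interpolated into SQL, so a caller that forgets its
 * own validation does not turn this into an injection point.
 *
 * @author  Vincent Furia, vinny01 AT users DOT sourceforge DOT net
 * @param   int         $cid    Comment ID
 * @param   string      $sid    id of object comment belongs to
 * @param   string      $type   article, poll, or plugin identifier
 * @return  int         0 indicates success, >0 identifies problem
 *                      (1 = missing/bad argument, 2 = no such comment)
 */
function CMT_deleteComment($cid, $sid, $type)
{
    global $_TABLES, $_USER;

    // Sanity check, note we return immediately here and no DB operations
    // are performed
    if (!is_numeric($cid) || $cid < 0 || empty($sid) || empty($type)) {
        COM_errorLog("CMT_deleteComment: {$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried "
            . 'to delete a comment with one or more missing/bad values.');
        return 1;
    }

    // Only normalised values reach the SQL below: $cid is interpolated
    // unquoted, so it is forced to an integer; $sid and $type are quoted
    // string literals and go through the DB layer's escaper.
    $cid  = (int) $cid;
    $sid  = DB_escapeString($sid);
    $type = DB_escapeString($type);

    // Delete the comment from the DB and update the other comments to
    // maintain the tree structure
    // A lock is needed here to prevent other additions and/or deletions
    // from happening at the same time. A transaction would work better,
    // but aren't supported with MyISAM tables.
    DB_lockTable($_TABLES['comments']);

    $result = DB_query("SELECT pid, lft, rht FROM {$_TABLES['comments']} "
        . "WHERE cid = {$cid} AND sid = '{$sid}' AND type = '{$type}'");

    if (DB_numRows($result) != 1) {
        // The lock must be released on this path too; leaving it held would
        // block every other comment insert/delete until the connection drops.
        DB_unlockTable($_TABLES['comments']);
        COM_errorLog("CMT_deleteComment: {$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried "
            . 'to delete a comment that doesn\'t exist as described.');
        return 2;
    }

    list($pid, $lft, $rht) = DB_fetchArray($result);

    // Re-parent the children to the deleted comment's parent, drop the row,
    // then close the gap in the nested-set (lft/rht) numbering and pull the
    // former subtree one indent level up.
    DB_change($_TABLES['comments'], 'pid', $pid, 'pid', $cid);
    DB_delete($_TABLES['comments'], 'cid', $cid);
    DB_query("UPDATE {$_TABLES['comments']} SET indent = indent - 1 "
        . "WHERE sid = '{$sid}' AND type = '{$type}' AND lft BETWEEN {$lft} AND {$rht}");
    DB_query("UPDATE {$_TABLES['comments']} SET lft = lft - 2 "
        . "WHERE sid = '{$sid}' AND type = '{$type}'  AND lft >= {$rht}");
    DB_query("UPDATE {$_TABLES['comments']} SET rht = rht - 2 "
        . "WHERE sid = '{$sid}' AND type = '{$type}'  AND rht >= {$rht}");

    DB_unlockTable($_TABLES['comments']);

    return 0;
}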
Пример #2
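/**
* Creates new user session (short term cookie)
*
* Adds a new session to the database for the given userid and returns a new session ID.
* Also deletes all expired sessions from the database, based on the given session lifespan.
*
* The session ID is the bearer token the browser presents on every request,
* so it is drawn from a CSPRNG (random_int) where available; mt_rand() is
* only used as a fallback on PHP versions without it.
*
* @param        int         $userid         User ID to create session for
* @param        string      $remote_ip      IP address user is connected from
* @param        int         $lifespan       How long (seconds) this cookie should persist
* @param        int         $md5_based      If 1 session will be MD5 hash of ip address
* @return       string|int  Session ID (md5 hex string when $md5_based == 1, else int)
*
*/
function SESS_newSession($userid, $remote_ip, $lifespan, $md5_based = 0)
{
    global $_TABLES, $_CONF, $_SESS_VERBOSE;

    if ($_SESS_VERBOSE) {
        COM_errorLog("*** Inside SESS_newSession ***", 1);
        COM_errorLog("Args to SESS_newSession: userid = {$userid}, "
            . "remote_ip = {$remote_ip}, lifespan = {$lifespan}, "
            . "md5_based = {$md5_based}", 1);
    }

    // Everything interpolated into raw SQL below is normalised first: the
    // numeric values are used unquoted, so they are cast; the IP is a quoted
    // string literal, so it is escaped. DB_delete() is still given the raw IP
    // as in the original code (whether it escapes internally is not visible
    // here — verify before changing that).
    $userid   = (int) $userid;
    $lifespan = (int) $lifespan;
    $safeIp   = DB_escapeString($remote_ip);

    // Keep the range identical to mt_rand() (0..2^31-1 on all platforms) so
    // the integer sess_id column and any callers comparing ranges are
    // unaffected; 0 is excluded because it reads as "no session" in boolean
    // checks.
    $sessid = function_exists('random_int')
        ? random_int(1, mt_getrandmax())
        : mt_rand();

    // For added security we are adding the option to build a IP-based
    // session ID.  This has the advantage of better security but it may
    // required dialed users to login every time.  You can turn the below
    // code on in the configuration (it's turned off by default)
    $md5_sessid = '';
    if ($md5_based == 1) {
        $ip = str_replace('.', '', $remote_ip);
        // Concatenate rather than add: "$ip + $sessid" did integer arithmetic
        // on the address digits, which overflows to float for long IPv4
        // strings and is a TypeError for IPv6 remnants on PHP 8.
        $md5_sessid = md5($ip . $sessid);
    }

    $ctime = time();
    $currtime = (string) $ctime;
    $expirytime = (string) ($ctime - $lifespan);

    if (!isset($_COOKIE[$_CONF['cookie_session']])) {
        // ok, delete any old sessons for this user
        if ($userid > 1) {
            DB_delete($_TABLES['sessions'], 'uid', $userid);
        } else {
            DB_delete($_TABLES['sessions'], array('uid', 'remote_ip'), array(1, $remote_ip));
        }
    } else {
        DB_lockTable($_TABLES['sessions']);
        $deleteSQL = "DELETE FROM {$_TABLES['sessions']} WHERE (start_time < {$expirytime})";
        $delresult = DB_query($deleteSQL);
        DB_unlockTable($_TABLES['sessions']);
        if ($_SESS_VERBOSE) {
            COM_errorLog("Attempted to delete rows from session table with following SQL\n{$deleteSQL}\n", 1);
            COM_errorLog("Got {$delresult} as a result from the query", 1);
        }
        if (!$delresult) {
            die("Delete failed in SESS_newSession()");
        }
    }

    // Remove the anonymous session for this user
    if ($userid > 1) {
        // Retrieve any session variables that we need to add to the new logged in session
        // To come
        // Delete record
        DB_delete($_TABLES['sessions'], array('uid', 'remote_ip'), array(1, $remote_ip));
    }

    // Create new session
    if ($md5_based == 1) {
        $sql = "INSERT INTO {$_TABLES['sessions']} "
            . "(sess_id, md5_sess_id, uid, start_time, remote_ip, whos_online) "
            . "VALUES ({$sessid}, '{$md5_sessid}', {$userid}, {$currtime}, '{$safeIp}', 1)";
    } else {
        $sql = "INSERT INTO {$_TABLES['sessions']} "
            . "(sess_id, uid, start_time, remote_ip, whos_online) "
            . "VALUES ({$sessid}, {$userid}, {$currtime}, '{$safeIp}', 1)";
    }
    $result = DB_query($sql);
    if (!$result) {
        // The driver's error text belongs in the error log, not in the
        // response body where it would disclose schema/driver details.
        COM_errorLog('SESS_newSession: ' . DB_error(), 1);
        die("Insert failed in SESS_newSession()");
    }

    if (!empty($_CONF['lastlogin'])) {
        // Update userinfo record to record the date and time as lastlogin
        DB_query("UPDATE {$_TABLES['userinfo']} SET lastlogin = UNIX_TIMESTAMP() WHERE uid={$userid}");
    }

    if ($_SESS_VERBOSE) {
        COM_errorLog("Assigned the following session id: {$sessid}", 1);
        COM_errorLog("*** Leaving SESS_newSession ***", 1);
    }

    if ($md5_based == 1) {
        return $md5_sessid;
    }

    return $sessid;
}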
Пример #3
    foreach ($func() as $info) {
        $footer = true;
        if (isset($info['footer']) && !$info['footer']) {
            $footer = false;
        }
        $priority = !empty($info['priority']) ? $info['priority'] : 100;
        $_SCRIPTS->setJavaScriptFile(md5($info['file']), $info['file'], $footer, $priority);
    }
}
// Give the active theme a chance to run its own init hook, if it defines one.
$func = "theme_init_{$_CONF['theme']}";
if (function_exists($func)) {
    $func();
}
unset($theme_config, $func);

// Anyone whose session started before the who's-online threshold is no
// longer counted as online (the rows themselves are left in place).
DB_lockTable($_TABLES['sessions']);
DB_query("UPDATE {$_TABLES['sessions']} SET whos_online = 0 WHERE start_time < " . (time() - $_CONF['whosonline_threshold']));
DB_unlockTable($_TABLES['sessions']);

/**
* Global array of groups current user belongs to
*
* @global array $_GROUPS
*
*/
$_GROUPS = SEC_getUserGroups(COM_isAnonUser() ? 1 : $_USER['uid']);
/**
* Global array of current user permissions [read,edit]
Пример #4
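/**
 * Saves a comment on a download (Downloads Manager plugin)
 *
 * Inserts the comment into the nested-set comment tree (lft/rht/indent) under
 * $C['pid'], or at the top level when pid is 0, then writes the remaining
 * fields (date, name, score, reason) with an UPDATE. On success the id of the
 * new row is written back to $C['new_cid'].
 *
 * The comments table is locked for the whole tree manipulation; every DB
 * error path releases the lock before returning.
 *
 * @param   array   &$C   comment record: title, comment, sid, pid, name,
 *                        ipaddress, uid, date, score, reason. new_cid is set.
 * @return  string  empty on success; an HTML error paragraph on DB error,
 *                  in which case the global $_SUCCESS is also set to false
 */
function DLM_saveComment(&$C)
{
    global $_TABLES, $_LANG_CONV, $_SUCCESS;

    $retval = '';
    $dbError = '<p>' . $_LANG_CONV['db_error'] . '</p>' . LB;

    // Values interpolated as quoted SQL literals go through the DB layer's
    // escaper (charset aware, unlike addslashes()); unquoted numeric values
    // are cast to int.
    $title = DB_escapeString($C['title']);
    $comment = DB_escapeString($C['comment']);
    $sid = DB_escapeString(str_replace('fileid_', '', $C['sid']));
    $pid = (int) $C['pid'];
    $type = 'downloads';
    $name = DB_escapeString($C['name']);
    $ipaddress = DB_escapeString($C['ipaddress']);
    $uid = (int) $C['uid'];

    // Single failure path for every DB error while the lock is held: release
    // the lock, flag the failure for the caller and return the error markup.
    $fail = static function () use (&$retval, $dbError, $_TABLES) {
        global $_SUCCESS;
        DB_unlockTable($_TABLES['comments']);
        $_SUCCESS = false;
        $retval .= $dbError;
        return $retval;
    };

    // The lock covers both branches: the MAX(rht) read for a top-level
    // comment races with concurrent inserts just as the reply path does.
    DB_lockTable($_TABLES['comments']);

    if ($pid > 0) {
        // Reply: open a two-wide gap at the parent's rht and nest one level
        // deeper than the parent.
        $result = DB_query("SELECT rht, indent FROM {$_TABLES['comments']} "
            . "WHERE cid = {$pid} AND sid = '{$sid}'");
        if (DB_error()) {
            return $fail();
        }
        list($rht, $indent) = DB_fetchArray($result);
        $newLft = $rht;
        $newRht = $rht + 1;
        $newIndent = $indent + 1;

        DB_query("UPDATE {$_TABLES['comments']} SET lft = lft + 2 "
            . "WHERE sid = '{$sid}' AND type = '{$type}' AND lft >= {$rht}");
        if (DB_error()) {
            return $fail();
        }
        DB_query("UPDATE {$_TABLES['comments']} SET rht = rht + 2 "
            . "WHERE sid = '{$sid}' AND type = '{$type}' AND rht >= {$rht}");
        if (DB_error()) {
            return $fail();
        }
    } else {
        // Top-level comment: append after the current highest rht.
        $rht = DB_getItem($_TABLES['comments'], 'MAX(rht)', "sid = '{$sid}'");
        if (DB_error()) {
            $rht = 0;
        }
        $newLft = $rht + 1;
        $newRht = $rht + 2;
        $newIndent = 0;
    }

    // The name column is always written here (the original isset($name)
    // check could never be false after the assignment above); the UPDATE at
    // the end resets it to NULL when the name is empty.
    DB_save($_TABLES['comments'],
        'sid,uid,comment,date,title,pid,lft,rht,indent,type,ipaddress,name',
        "'{$sid}',{$uid},'{$comment}',now(),'{$title}',{$pid},{$newLft},{$newRht},{$newIndent},'{$type}','{$ipaddress}','{$name}'");
    if (DB_error()) {
        return $fail();
    }

    $result = DB_query("SELECT LAST_INSERT_ID()");
    list($last_cid) = DB_fetchArray($result);
    $C['new_cid'] = $last_cid;

    DB_unlockTable($_TABLES['comments']);

    $cid = (int) $C['new_cid'];
    $date = DB_escapeString($C['date']);
    $score = (int) $C['score'];
    $reason = (int) $C['reason'];
    DB_query("UPDATE {$_TABLES['comments']} SET "
        . "date='{$date}', "
        . (!empty($name) ? "name='{$name}', " : "name=NULL, ")
        . "score={$score}, "
        . "reason={$reason} "
        . "WHERE cid={$cid}");
    if (DB_error()) {
        // Lock already released above; only flag and report.
        $retval .= $dbError;
        $_SUCCESS = false;
        return $retval;
    }

    return $retval;
}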